The few things I clicked on are scripts/modules you'd run yourself, so they're not really APIs in the commonly used sense, but website-wrappers that let you use the website as if it was an API. In that case, the user and the messengers are one and the same, the developer of the wrapper isn't involved at all in the transaction.
If it was Unofficial-API-As-A-Service, I'm pretty sure both would be in violation for most services. The user at least for sharing their account credentials, the UAAAS provider likely for some thing in the fine print about only being allowed to use the website for the intended purposes. I doubt either will get sued, the user will get their account cancelled and the provider will get their servers blocked and an angry letter from the lawyers telling them to stop.
If it was Unofficial-API-As-A-Service, I'm pretty sure both would be in violation for most services. The user at least for sharing their account credentials, the UAAAS provider likely for some thing in the fine print about only being allowed to use the website for the intended purposes. I doubt either will get sued, the user will get their account cancelled and the provider will get their servers blocked and an angry letter from the lawyers telling them to stop.